Lucene search

[email protected]CVE-2004-1013

HistoryJan 10, 2005 - 5:00 a.m.

CVE-2004-1013

2005-01-1005:00:00

[email protected]

web.nvd.nist.gov

cyrus imap server

remote code execution

vulnerability

fetch command

cve-2004-1013

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.5 High

AI Score

Confidence

High

0.107 Low

EPSS

Percentile

95.1%

JSON

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) “body[p”, (2) “binary[p”, or (3) “binary[p”) that cause an index increment error that leads to an out-of-bounds memory corruption.

Affected configurations

NVD

Node

carnegie_mellon_universitycyrus_imap_serverMatch2.1.7

carnegie_mellon_universitycyrus_imap_serverMatch2.1.9

carnegie_mellon_universitycyrus_imap_serverMatch2.1.10

carnegie_mellon_universitycyrus_imap_serverMatch2.1.16

carnegie_mellon_universitycyrus_imap_serverMatch2.2.0_alpha

carnegie_mellon_universitycyrus_imap_serverMatch2.2.1_beta

carnegie_mellon_universitycyrus_imap_serverMatch2.2.2_beta

carnegie_mellon_universitycyrus_imap_serverMatch2.2.3

carnegie_mellon_universitycyrus_imap_serverMatch2.2.4

carnegie_mellon_universitycyrus_imap_serverMatch2.2.5

carnegie_mellon_universitycyrus_imap_serverMatch2.2.6

carnegie_mellon_universitycyrus_imap_serverMatch2.2.7

carnegie_mellon_universitycyrus_imap_serverMatch2.2.8

openpkgopenpkgMatchcurrent

conectivalinuxMatch9.0

conectivalinuxMatch10.0

Node

redhatfedora_coreMatchcore_2.0

redhatfedora_coreMatchcore_3.0

trustixsecure_linuxMatch2.0

trustixsecure_linuxMatch2.1

trustixsecure_linuxMatch2.2

ubuntuubuntu_linuxMatch4.1ia64

ubuntuubuntu_linuxMatch4.1ppc

CPENameOperatorVersion
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.1.7
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.1.9
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.1.10
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.1.16
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.2.0_alpha
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.2.1_beta
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.2.2_beta
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.2.3
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.2.4
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.2.5

CPE	Name	Operator	Version
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.1.7
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.1.9
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.1.10
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.1.16
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.2.0_alpha
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.2.1_beta
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.2.2_beta
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.2.3
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.2.4
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.2.5